W32/WannaCryptor!tr.ransom
Analysis
W32/WannaCryptor!tr is a generic detection for ransomware that uses exploits for vulnerabilities identified in Microsoft Windows SMB Server (4013389).
This malware is publicly known as WannaCry or WannaCryptor, and has caused significant infection and damage in the wild. Further details can be found in this blog post.
The malware has the following indicators:
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
- Download and install the patch for the Microsoft Windows SMB Server Vulnerability at https://technet.microsoft.com/library/security/MS17-010.
Telemetry
Detection Availability
Product | |
---|---|
FortiGate | |
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2020-08-18 | 79.72000 | Sig Updated |